path: root/test/openssl
Commit message | Author | Age | Files | Lines
* * ext/openssl/ossl_bn.c (ossl_bn_initialize): allow Fixnum and Bignum. | naruse | 2013-04-25 | 1 | -5/+30
  [ruby-core:53986] [Feature #8217]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40461 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/csv/test_features.rb, test/logger/test_logger.rb | akr | 2013-04-20 | 1 | -14/+12
  test/mkmf/test_have_macro.rb, test/net/http/test_http.rb, test/openssl/test_config.rb, test/psych/test_encoding.rb, test/psych/test_exception.rb, test/psych/test_psych.rb, test/psych/test_tainted.rb, test/readline/test_readline.rb, test/rexml/test_contrib.rb, test/ruby/test_autoload.rb, test/ruby/test_beginendblock.rb, test/ruby/test_exception.rb, test/ruby/test_file.rb, test/ruby/test_io.rb, test/ruby/test_marshal.rb, test/ruby/test_process.rb, test/ruby/test_require.rb, test/ruby/test_rubyoptions.rb, test/syslog/test_syslog_logger.rb, test/webrick/test_httpauth.rb, test/zlib/test_zlib.rb: Use Tempfile.create.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40400 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_cipher.rb: Correct a typo | naruse | 2013-04-18 | 1 | -3/+3
  by jgls <joerg@joergleis.com> https://github.com/ruby/ruby/pull/291 fix GH-291
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40361 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Correct shutdown behavior w.r.t GC. | emboss | 2013-04-15 | 1 | -0/+27
  * test/openssl/test_ssl.rb: Add tests to verify correct behavior.
  [Bug #8240] Patch provided by Shugo Maeda. Thanks!
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40304 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Fix #6154 by introducing new EAGAIN/EWOULDBLOCK/EINPROGRESS | headius | 2013-04-08 | 1 | -1/+1
  subclasses that include WaitReadable or WaitWritable rather than extending them into the exception object each time.
  * error.c: Capture EAGAIN, EWOULDBLOCK, EINPROGRESS exceptions and export them for use in WaitReadable/Writable exceptions.
  * io.c: Create versions of EAGAIN, EWOULDBLOCK, EINPROGRESS that include WaitReadable and WaitWritable. Add rb_readwrite_sys_fail for nonblocking failures using those exceptions. Use that function in io_getpartial and io_write_nonblock instead of rb_mod_sys_fail
  * ext/openssl/ossl_ssl.c: Add new SSLError subclasses that include WaitReadable and WaitWritable. Use those classes for write_would_block and read_would_block instead of rb_mod_sys_fail.
  * ext/socket/ancdata.c: Use rb_readwrite_sys_fail instead of rb_mod_sys_fail in bsock_sendmsg_internal and bsock_recvmsg_internal.
  * ext/socket/init.c: Use rb_readwrite_sys_fail instead of rb_mod_sys_fail in rsock_s_recvfrom_nonblock and rsock_s_connect_nonblock.
  * ext/socket/socket.c: Use rb_readwrite_sys_fail instead of rb_mod_sys_fail in sock_connect_nonblock.
  * include/ruby/ruby.h: Export rb_readwrite_sys_fail for use instead of rb_mod_sys_fail. Introduce new constants RB_IO_WAIT_READABLE and RB_IO_WAIT_WRITABLE for first arg to rb_readwrite_sys_fail.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40195 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_bn.c (ossl_bn_initialize): fix can't create from bn. | naruse | 2013-04-03 | 1 | -0/+4
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40090 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* fix typo: s/@ca_cert/@cacert/ | naruse | 2013-04-02 | 1 | -1/+1
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40048 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Suppress warning: OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement | naruse | 2013-03-23 | 1 | -1/+4
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl.c: do not use FIPS_mode_set if not available. | emboss | 2012-12-20 | 2 | -46/+6
  * test/openssl/utils.rb: revise comment about setting FIPS mode to false.
  * test/openssl/test_fips.rb: remove tests that cause errors on ruby-ci.
  [Feature #6946] [ruby-core:47345]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38491 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * remove trailing spaces. | nobu | 2012-12-20 | 1 | -1/+1
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38489 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_cipher.c: add support for Authenticated Encryption | emboss | 2012-12-20 | 1 | -4/+137
  with Associated Data (AEAD) for OpenSSL versions that support the GCM encryption mode. It's the only mode supported for now by OpenSSL itself. Add Cipher#authenticated? to detect whether a chosen mode does support Authenticated Encryption.
  * test/openssl/test_cipher.rb: add tests for Authenticated Encryption.
  [Feature #6980] [ruby-core:47426] Thank you, Stephen Touset for providing a patch!
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38488 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * remove trailing spaces. | nobu | 2012-12-20 | 1 | -2/+2
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38483 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_pkey_dh.rb: revert special treatment of | emboss | 2012-12-20 | 1 | -2/+1
  FIPS-capable installations since FIPS mode is now disabled for the tests.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38482 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl.c: add OpenSSL.fips_mode= to allow enabling FIPS | emboss | 2012-12-20 | 2 | -0/+59
  mode manually.
  * test/openssl/utils.rb: turn off FIPS mode for tests. This prevents OpenSSL installations with FIPS mode enabled by default from raising FIPS-related errors during the tests.
  * test/openssl/test_fips.rb: add tests for FIPS-capable OpenSSL installations.
  [Feature #6946] [ruby-core:47345]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38480 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Use :TLSv1_2_client explicitly in | emboss | 2012-12-18 | 1 | -1/+3
  test_tls_v1_2 to prevent upstream bug.
  [Bug #7197] [ruby-dev:46240]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38436 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Improve my grammar. | emboss | 2012-12-18 | 1 | -3/+2
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38434 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/ssl.rb: Enable insertion of empty fragments as a | emboss | 2012-12-18 | 1 | -2/+10
  countermeasure for the BEAST attack by default. The default options of OpenSSL::SSL:SSLContext are now:
    OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
  [Bug #5353] [ruby-core:39673]
  * test/openssl/test_ssl.rb: Adapt tests to new SSLContext default.
  * NEWS: Announce the new default.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_cipher.rb (test_ctr_if_exists): add CTR mode test | nahi | 2012-11-29 | 1 | -0/+15
  if underlying OpenSSL supports it.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37994 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ruby.c (load_file_internal): set default source encoding as | naruse | 2012-11-06 | 1 | -0/+1
  UTF-8 instead of US-ASCII. [ruby-core:46021] [Feature #6679]
  * parse.y (parser_initialize): set default parser encoding as UTF-8 instead of US-ASCII.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37485 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_config.rb (OpenSSL#test_constants): skip only when | nobu | 2012-10-06 | 1 | -3/+3
  DEFAULT_CONFIG_FILE does not exist.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@37108 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_asn1_rb: | emboss | 2012-09-03 | 6 | -14/+12
  test/openssl/test_ssl_session.rb:
  test/openssl/test_x509name.rb:
  test/openssl/test_buffering.rb:
  test/openssl/test_x509cert.rb:
  test/openssl/test_ssl.rb: Refactor code that leads to warnings on Ruby CI.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36894 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/utils.rb: Use DSS1 as DSA signature digest for all | emboss | 2012-09-03 | 1 | -1/+1
  OpenSSL versions < 1.0.0.
  [ruby-core:47405]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36891 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* remove trailing spaces. | nobu | 2012-09-03 | 1 | -1/+1
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36886 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb: Detect OpenSSL_FIPS macro | emboss | 2012-09-03 | 5 | -9/+19
  ext/openssl/ossl.c: Expose OpenSSL::OPENSSL_FIPS constant to indicate whether OpenSSL runs in FIPS mode.
  test/openssl/test_pkey_dh.rb: Generate 256 bit keys for non-FIPS installations to improve test performance (e.g. for rubyci).
  test/openssl/utils.rb: Replace DSS1 as certificate signature digest with SHA1 for FIPS installations when using DSA by introducing TestUtils::DSA_SIGNATURE_DIGEST.
  test/openssl/test_x509cert.rb:
  test/openssl/test_x509crl.rb:
  test/openssl/test_x509req.rb: Use DSA_SIGNATURE_DIGEST
  NEWS: Introduce OpenSSL::OPENSSL_FIPS
  These changes allow running the OpenSSL tests in FIPS mode while keeping a high performance for non-FIPS installations. Introduction of OpenSSL::OPENSSL_FIPS allows for applications to react to special requirements when using OpenSSL in FIPS mode.
  [Feature #6946] [ruby-core:47345]
  -- This and the following lines will be ignored --
  M ext/openssl/extconf.rb
  M ext/openssl/ossl.c
  M NEWS
  M ChangeLog
  M test/openssl/utils.rb
  M test/openssl/test_x509crl.rb
  M test/openssl/test_x509req.rb
  M test/openssl/test_x509cert.rb
  M test/openssl/test_pkey_dh.rb
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/utils.rb: Use a cached DH key instead of generating a | emboss | 2012-09-02 | 1 | -1/+8
  new one each time.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36881 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/extconf.rb: Check existence of OPENSSL_NPN_NEGOTIATED. | emboss | 2012-08-31 | 1 | -9/+76
  ext/ossl_ssl.c: Support Next Protocol Negotiation. Protocols to be advertised by the server can be set in the SSLContext by using SSLContext#npn_protocols=, protocol selection on the client is supported by providing a selection callback with SSLContext#npn_select_cb. The protocol that was finally negotiated is available through SSL#npn_protocol.
  test/openssl/test_ssl.rb: Add tests for Next Protocol Negotiation.
  NEWS: add news about NPN support.
  [Feature #6503] [ruby-core:45272]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/utils.rb | emboss | 2012-08-28 | 3 | -14/+15
  test/openssl/test_pair.rb
  test/openssl/test_pkey_dh.rb: Use 1024 bit DH parameters to satisfy OpenSSL FIPS requirements. Patch by Vit Ondruch.
  [Bug #6938] [ruby-core:47326]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36843 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* remove trailing spaces. | nobu | 2012-08-21 | 6 | -13/+13
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_config.rb (OpenSSL#test_constants): skip this | kosaki | 2012-08-09 | 1 | -0/+2
  test if platform is Mac OS X or Windows. [Bug #6830]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36666 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/lib/openssl/digest.rb | emboss | 2012-08-02 | 1 | -0/+8
  test/openssl/test_digest.rb: Add Digest module function to OpenSSL module and test it. Patch provided by Eric Hodel.
  [ruby-core:46908][Feature #6819]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_config.rb: remove temporary files early. | akr | 2012-07-18 | 1 | -0/+9
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_pkey_ec.c | emboss | 2012-06-10 | 1 | -0/+16
  test/openssl/test_pkey_ec.rb: Add support for EC_POINT_mul. Patch provided by Sambasiva Suda. Thanks!
  [ruby-core:44408][ruby-trunk - Feature #6310]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl.c | emboss | 2012-06-10 | 3 | -0/+27
  ext/openssl/ossl_pkey_rsa.c
  ext/openssl/ossl_pkey_dsa.c
  ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less than four characters long, as OpenSSL itself does not allow this. Issue found by Eric Hodel.
  * ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem, following the PKey interface contract.
  * test/openssl/test_pkey_dsa.rb
  test/openssl/test_pkey_rsa.rb
  test/openssl/test_pkey_ec.rb: Add tests that assert correct behaviour when dealing with passwords that are less than four characters long.
  [ruby-core: 42281][ruby-trunk - Bug #5951]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36001 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Introduce SSLContext#renegotiation_cb and | emboss | 2012-06-09 | 1 | -28/+6
  remove SSLContext#disable_client_renegotiation and related functionality introduced in r35797. The new callback approach gives clients maximum flexibility to decide on their own what to do on renegotiation attempts. Add documentation for SSL module and SSLError.
  * test/openssl/test_ssl.rb: Add a test for SSLContext#renegotiation_cb.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35994 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Allow disabling client-side renegotiation. | emboss | 2012-05-26 | 1 | -2/+42
  * test/openssl/test_ssl.rb: Simple tests for this.
  Client-side renegotiation is still considered problematic, even when used in the context of secure renegotiation (RI, RFC 5746). The changes allow users to either completely disable client renegotiation on the server, or to specify a maximum number of handshakes allowed in total. The number of total handshakes is counted in a callback set as SSL_set_info_callback. If the maximum number of handshakes is exceeded an error will be raised.
  We do not support renegotiation in the OpenSSL extension, therefore this feature can only be tested externally.
  The feature is opt-in, the default setting will be to allow unlimited client renegotiation, as was the case before.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35797 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_ssl.rb: Clarify the intention of errors to be | emboss | 2012-05-25 | 1 | -10/+13
  expected. Two errors are possible when connection is refused due to a protocol version that was explicitly disallowed, OpenSSL::SSL::SSLError or Errno::ECONNRESET, depending on the OpenSSL version in use.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35796 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Revert r35583 | emboss | 2012-05-25 | 1 | -0/+2
  * test/openssl/test_ssl.rb: Handle ECONNRESET in code instead to avoid the test failing in Ruby CI [1]
  [1] http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz#test-all
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* OpenSSL 1.0.1 pre-beta disabled TLS v1.2 by default. | naruse | 2012-05-21 | 1 | -1/+1
  http://cvs.openssl.org/chngview?cn=21471
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35752 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test_ssl.rb: test only if necessary option is available. | nobu | 2012-05-07 | 1 | -6/+6
  * test/openssl/test_ssl.rb (test_forbid_tls_v1_{1,2}_{for_client,from_server}): test only if necessary option is available.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35570 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: add support for option flags | emboss | 2012-05-07 | 2 | -155/+208
    OpenSSL::SSL::OP_NO_TLSv1_1
    OpenSSL::SSL::OP_NO_TLSv1_2
  to allow blocking specific TLS versions. Thanks to Justin Guyett for pointing this out to me.
  * test/openssl/test_ssl.rb: add tests to assert correct behavior when blocking certain versions of TLS/SSL both on server and client side. Also refactored tests to reduce boilerplate code a little.
  * test/openssl/utils.rb: rescue Errno::ECONNRESET for tests where client rejects the connection because a forbidden protocol version was used.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35567 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: support TLSv1.1 & TLSv1.1. Add | emboss | 2012-05-06 | 1 | -0/+29
  SSLContext#version to inspect the version that was negotiated for a given connection.
  * ext/openssl/extconf.rb: detect TLS 1.1 & 1.2 support.
  * test/openssl/test_ssl.rb: add tests for TLS 1.1 & 1.2 given they are supported by the native OpenSSL being used.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Wait until the callback is called with timeout. | naruse | 2012-04-09 | 1 | -3/+6
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35270 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_pkcs7.c: fix crash when parsing garbage data. | emboss | 2012-03-29 | 1 | -0/+5
  * test/openssl/test_pkcs7.rb: assert correct behavior for it. Thanks to Matt Venables for reporting the issue.
  [ruby-core:43250][Bug #6134]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35167 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * test/openssl/test_x509cert.rb: Exclude test that fails when issuing | emboss | 2012-03-29 | 1 | -1/+2
  a certificate with RSA signature and DSS1 digest for earlier OpenSSL versions when used in conjunction with OpenSSL 1.0.1. Thanks, Vit Ondruch, for reporting the issue.
  [ruby-core:42949][Bug #6089]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_asn1.c: raise TypeError when trying to encode nil | emboss | 2012-03-28 | 1 | -0/+12
  values for Primitive instances.
  * test/openssl/test_asn1.rb: Assert consistent behavior when encoding nil values: Primitives raise TypeError, Constructives raise NoMethodError.
  Fixes [ruby-core:43009][Bug #6102]
  -- This line, and those below, will be ignored --
  M test/openssl/test_asn1.rb
  M ext/openssl/ossl_asn1.c
  M ChangeLog
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35159 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Fix condition. | naruse | 2012-02-08 | 1 | -1/+1
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34490 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* "street" for X509 Name is not supported before 0.9.8m. | naruse | 2012-02-08 | 1 | -9/+28
  It is added openssl/crypto/objects/obj_mac.h 1.83.
  http://cvs.openssl.org/rlog?f=openssl/crypto/objects/obj_mac.h
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34488 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL | nahi | 2012-02-08 | 1 | -0/+15
  option to prevent BEAST attack. See [Bug #5353].
  In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent TLS-CBC-IV vulnerability described at http://www.openssl.org/~bodo/tls-cbc.txt It's a known issue of TLSv1/SSLv3 but it attracts lots of attention these days as BEAST attack. (CVE-2011-3389)
  Until now ossl sets OP_ALL at SSLContext allocation and call SSL_CTX_set_options at connection. SSL_CTX_set_options updates the value by using |= so bits set by OP_ALL cannot be unset afterwards. This commit changes to call SSL_CTX_set_options only 1 time for each SSLContext. It sets the specified value if SSLContext#options= are called and sets OP_ALL if not.
  To help users to unset bits in OP_ALL, this commit also adds several constants to SSL such as OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. These constants were not exposed in Ruby because there's no way to unset bits in OP_ALL before.
  Following is an example to enable 0/n split for BEAST prevention.
    ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS
  * test/openssl/test_ssl.rb: Test above option exists.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34482 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * ext/openssl/ossl_x509name.c: Use the numerical representation of | emboss | 2012-02-08 | 1 | -0/+51
  unrecognized OIDs instead of the sn "UNDEF".
  * test/openssl/test_x509name.rb: Add tests for the fixed behavior. Patch provided by Paul Kehrer, thank you!
  [ruby-core:41769] [Feature #5787]
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34481 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* * Make sure to clear $! when ignoring an exception | nahi | 2011-12-20 | 1 | -0/+11
  * ext/openssl/ossl.c (ossl_pem_passwd_cb0, ossl_verify_cb): pem_passwd_cb and verify_cb ignores the exception raised in a callback proc so it should clear $! for subsequent execution.
  That's said, both subsequent processes for pem_passwd_cb and verify_cb raises another exception before leaking $! to Ruby world. We cannot test this fix in Ruby land.
  * test/openssl/test_pkey_rsa.rb (test_read_private_key_pem_pw_exception): Test for pem_passwd_cb + exception.
  git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34078 b2dd03c8-39d4-4d8f-98ff-823fe69b080e